I just uploaded new MySQL 5.1.41 packages that fix a remote buffer overflow in MySQL servers that use the embedded YaSSL library :
- Lenz Grimmer gives more information about this issue
- CVE-2009-4484 has been filled
Since Debian and Dotdeb are impacted, you are strongly encouraged to upgrade your servers.
12 replies on “MySQL 5.1.41 has been updated to fix a security issue”
Hi Guillaume thanks for rapidly responding to security updates for your packages
have you considered push notification of mirrors so that they can replicate these updates quickly?
sorry forgot to add, uk mirror is now uptodate with this (earlier than the normal 24 hour window)
@Anthony : there is no push to the mirrors yet, but I think I’ll have to think about such a system (inspired from Debian’s one? http://www.debian.org/mirror/ftpmirror#when )
BTW, thanks for updating the UK mirror so quickly.
New version of MySQL is 5.1.42.
New version of MySQL is 5.1.43.
@Psychos : Greeat! But Debian’s one is still 5.1.41 (with bug- and security- fixes)
Please be some more patient 🙂
I’m trying to rebuild your 5.1.43 package with a patch but there are always failing tests (with or without the patch)
Failing test(s): main.partition_innodb main.information_schema_chmod main.trigger rpl.rpl_rotate_logs
I’m running AMD64 Lenny. Any ideas? What are your dpkg-buildpackage parameters?
@Moritz : try to set to set this environment variable :
@Guillaume: Thank you very much! Works like a charm 🙂
Do you have the tests enabled when building your packages?
@Moritz : Yes, most of them (building MySQL in a chroot makes some of them fail)
First, thanks for your work compiling and packaging mysql 5.1
I suggest that you could activate the –enable-thread-safe-client flag. It won’t do any harmful, and it will benefit a lot the people (like me ;D) that uses multithreaded applications on debian!
@Alberto : I just checked the last MySQL packages for Lenny. They have the thread safety enabled.